DETAILED ACTION

1. The Amendment, and remarks therein, received on 4/11/2005 have been entered
and carefully considered. 

2. The Amendment introduces new limitations into the originally sole independent 
claims 1, 11 and 15. The newly introduced limitation has required a new search and 
consideration of the pending claims. The new search has resulted in newly 
discovered prior art. New grounds of rejection based on the newly discovered prior 
art follow below. 

3. The text of those sections of Title 35, U.S. Code not included in this action can be 
found in a prior office action. 

Response to Amendment 

4. Applicant's arguments have been carefully considered but they were not found 
persuasive. 

5. As per claims 1, 11 and 18 applicant argues that Stein does not disclose any type of
secure hardware at either the first node or the second node as it is required by newly
amended claims 1, 11 and 18.

6. The examiner points out that applicant does not disclose any concrete definition of 
the "secure hardware". The most explicit interpretation of the term is provided in the 
newly amended claim language, which essentially defines the secure hardware as a 
hardware that implements applicant's invention. As a result, the examiner considers 
hardware used in the invention that reads on applicant's limitations as a secure 
hardware. 

7. Furthermore, applicant argues that processes have access to the key at the first
node in Stein, wherein the newly added limitation prohibits all processes to access 
the key. 

8. The examiner points out that the newly added limitation is not supported by the 
specification. In addition it is not clear how such a limitation would be accomplished. 
Besides the literal hardware keys (e.g. a metal key to open a node's cover) the
examiner cannot foresee a key that could be used (created, sent via electronic
network etc.) without the use of computer processes. In fact the specification
recites: "When a user process of a node wishes to authorize communication from
another user process, it requests the kernel agent to create a channel key" (pg. 4).
The examiner assumes that the kernel agent is directed towards the operating
system kernel process.

9. Claims 1, 3-8, 10-18 have been examined. 

10. Claims 1, 3-8, 10-18 are rejected under 35 U.S.C. 101 because the disclosed
invention is inoperative and therefore lacks utility. The invention is directed towards
a secure communication involving keys, but the claim limitations prohibit all 
processes running on the communication platforms accessing the keys. 

Claim Rejections - 35 USC §112 

The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

11. Claims 1, 3-8, 10-18 are rejected under 35 U.S.C. 112, first paragraph, as failing to 
comply with the written description requirement. The claim(s) contains subject 
matter which was not described in the specification in such a way as to reasonably 
convey to one skilled in the relevant art that the inventor(s), at the time the 
application was filed, had possession of the claimed invention. 

12. The new limitation "the keys inaccessible by all processes" is not disclosed in the 
specification and it is not clear how such a limitation could be implemented. 

13. Claims 3-8, 10, 12-14 and 16-18 are rejected by virtue of their dependence. 

14. Claims 1, 3-8, 10-18 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. 

15. The following limitation: "the keys inaccessible by all processes" renders the claims 
indefinite because the words are not defined and are not clearly understood; as such 
one of ordinary skill in the art could not determine the scope of the claim. For 
purposes of further examination the phrase is treated as best understood. 

16. Claims 3-8, 10, 12-14 and 16-18 are rejected by virtue of their dependence. 

17. Claims 1, 3-7, 11, 14-16 remain rejected under 35 U.S.C. 103(a) as being
anticipated by Stein (Lincoln D. Stein, "Web Security, a step-by-step reference
guide", 1998, ISBN: 0201634899) in view of Carter et al. (U.S. Patent No. 5845331).

18. As per claim 1, as best understood, Stein teaches sending a key (premaster secret),
identification of the first node, and identification of the second node from hardware of 
the first node (client browser) to hardware of the second node (server) (pg. 41, Fig. 
3.2 transaction 6, and pg. 42 first §), receiving the key identification of the first node, 
and identification of the second node by the hardware of the second node and 
verifying the identification of the first node (pg. 41, Fig. 3.2, transaction 7, pg. 42
second §) and the identification of the second node at the hardware of the second
node, and storing the key at the hardware of the second node (pg. 42 first §). Once
an SSL connection is in place the secure hardware of the first hardware and the 
secure hardware of the second node establish a channel over which the process of 
the first node and the process of the second node are able to communicate (SSL 
Characteristics, in particular pg. 40). 

19. Each layer in TCP/IP (or any other OSI "compatible" architecture) has different 
responsibilities and processes at each layer carrying these responsibilities have 
different functions. In Stein's teaching the SSL communication is invoked by
web browser/server interaction and all processes invoking the SSL mechanism have no
access to keys, which are produced and used at the SSL level.

20. Stein does not explicitly teach that unauthorized processes running on the first node 
are unable to send unauthorized messages. 

21. Carter et al. teach preventing unauthorized processes from conducting unauthorized
activities (col. 1 lines 24-35), which reads on preventing unauthorized processes from
sending unauthorized messages.

22. It would have been obvious to one of ordinary skill in the art at the time of applicant's
invention to prevent unauthorized processes running on the first node to send 
unauthorized messages. One of ordinary skill in the art would have been motivated 
to perform such a modification in order to secure sending messages to only 
authorized processes. 

23. Claims 11 and 15 are substantially equivalent to claim 1; therefore claims 11 and 15 
are similarly rejected. 

24. As per claims 5 and 6 TCP/IP includes source and destination ports. 

25. As per claim 10 processing the message at the process of the first node upon 
successful verification of the key at the secure hardware of the first node is implicit. 

26. Claims 1, 3-7, 11, 14-16 remain rejected under 35 U.S.C. 103(a) as being
anticipated by Stein (Lincoln D. Stein, "Web Security, a step-by-step reference
guide", 1998, ISBN: 0201634899) in view of Fontana (John Fontana, Defending
against Outlook viruses, http://www.networkworld.com/archive/2000/999 
2000.html, 07/03/00). 

27. As per claim 1, as best understood, Stein teaches sending a key (premaster secret),
identification of the first node, and identification of the second node from hardware of 
the first node (client browser) to hardware of the second node (server) (pg. 41, Fig. 
3.2 transaction 6, and pg. 42 first §), receiving the key identification of the first node, 
and identification of the second node by the hardware of the second node and 
verifying the identification of the first node (pg. 41, Fig. 3.2, transaction 7, pg. 42
second §) and the identification of the second node at the hardware of the second
node, and storing the key at the hardware of the second node (pg. 42 first §). Once
an SSL connection is in place the secure hardware of the first hardware and the 
secure hardware of the second node establish a channel over which the process of 
the first node and the process of the second node are able to communicate (SSL 
Characteristics, in particular pg. 40). 

28. Each layer in TCP/IP (or any other OSI "compatible" architecture) has different 
responsibilities and processes at each layer carrying these responsibilities have 
different functions. In Stein's teaching the SSL communication is invoked by
web browser/server interaction and all processes invoking the SSL mechanism have no
access to keys, which are produced and used at the SSL level.

29. Stein does not explicitly teach that unauthorized processes running on the first node 
are unable to send unauthorized messages. 

Fontana teaches Microsoft Outlook E-mail security patch that prevents unauthorized 
processes from sending unauthorized messages (Fontana, pg. 2). It would have 
been obvious to one of ordinary skill in the art at the time of applicant's invention to 
prevent unauthorized processes running on the first node to send unauthorized 
messages as taught by Fontana. One of ordinary skill in the art would have been 
motivated to perform such a modification in order to prevent worms from spreading 
to other nodes. 

30. Claims 11 and 15 are substantially equivalent to claim 1; therefore claims 11 and 15
are similarly rejected.

31. As per claims 5 and 6 TCP/IP includes source and destination ports.

32. As per claim 10 processing the message at the process of the first node upon
successful verification of the key at the secure hardware of the first node is implicit. 

33. Claim 8 is rejected under 35 U.S.C. 103(a) as being unpatentable over Stein
(Lincoln D. Stein, "Web Security, a step-by-step reference guide", 1998, ISBN:
0201634899) in view of Carter et al. (U.S. Patent No. 5845331) and in further view of
Ogawa et al. (U.S. Patent No. 5802065).

34. Stein in view of Carter et al. teach verifying the identification of the first node and the 
identification of the second node at the hardware of the second node as discussed 
above. Stein in view of Carter et al. do not explicitly teach verifying the identification 
of the first node and the identification of the second node at the hardware of the 
second node comprising verifying the identification of the first node and the 
identification of the second node in a channel state table accessible by the hardware 
of the second node and accessible by all the processes of the second node. Ogawa 
et al. teach verifying the identification of one node and the identification of another 
node in a channel state table accessible by the hardware of the one node and 
accessible by all of the processes of the one node (Ogawa et al. col. 4 lines 50-56 
and col. 5 lines 4-11). It would have been obvious to one of ordinary skill in the art 
at the time of applicant's invention to verify the identification of the first node and the 
identification of the second node in a channel state table accessible by the hardware 
of the second node and accessible by all the processes of the second node as 
taught by Ogawa. One of ordinary skill in the art would have been motivated to 
perform such a modification in order to enhance security and operation speed. 

35. Claim 8 is rejected under 35 U.S.C. 103(a) as being unpatentable over Stein
(Lincoln D. Stein, "Web Security, a step-by-step reference guide", 1998, ISBN:
0201634899) in view of Fontana (John Fontana, Defending against Outlook viruses,
http://www.networkworld.com/archiveW 07/03/00) and
in further view of Ogawa et al. (U.S. Patent No. 5802065).

36. Stein in view of Fontana teach verifying the identification of the first node and the 
identification of the second node at the hardware of the second node as discussed 
above. Stein in view of Fontana do not explicitly teach verifying the identification of 
the first node and the identification of the second node at the hardware of the 
second node comprising verifying the identification of the first node and the 
identification of the second node in a channel state table accessible by the hardware 
of the second node and accessible by all processes of the second node. 

Ogawa et al. teach verifying the identification of one node and the identification of 
another node in a channel state table accessible by the hardware of the one node 
and accessible by all processes of the one node (Ogawa et al. col. 4 lines 50-56 and 
col. 5 lines 4-11). It would have been obvious to one of ordinary skill in the art at the 
time of applicant's invention to verify the identification of the first node and the 
identification of the second node in a channel state table accessible by the hardware 
of the second node and accessible by all the processes of the second node as 
taught by Ogawa. One of ordinary skill in the art would have been motivated to 
perform such a modification in order to enhance security and operation speed. 

37. Claim 16 remains rejected under 35 U.S.C. 103(a) as being unpatentable over Stein
(U.S. Pub. No. 20020087884) in view of Carter et al. (U.S. Patent No.
5845331) and in further view of Baker et al. (U.S. Patent No. 6611498).

38. Stein in view of Carter et al. teach storing the key at the hardware of the second 
node as discussed above. Stein in view of Carter et al. do not teach storing the key
comprising storing the key in a key table. Baker et al. teach storing the key 
comprising storing the key in a key table (Baker et al., col 17 lines 4-18). It would 
have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to store the key in the key table as taught by Baker et al. One of ordinary 
skill in the art would have been motivated to perform such a modification in order to 
map keys to the associated session. 

39. Claims 12-13 and 17-18 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Stein (U.S. Pub. No. 20020087884) in view of Carter et al. (U.S. Patent No. 
5845331), Baker et al. (U.S. Patent No. 6611498) and Ogawa et al. (U.S. Patent No.
5802065) and in further view of Bean et al. (U.S. Patent No. 4843541).

40. Stein in view of Carter et al., Baker et al. and Ogawa et al. teach a first and a second
key table and first and second connection tables as discussed above. Stein in view
of Carter et al., Baker et al. and Ogawa et al. do not explicitly teach node entries
identifying one of the one or more partitions in which processes are running on the 
nodes. Bean et al. teach unique partition identifiers identifying nodes partitions (col. 
50 lines 55-66). It would have been obvious to one of ordinary skill in the art at the 
time of applicant's invention to include partition identifiers as taught by Bean et al. 
within the first and second connection tables. One of ordinary skill in the art would
have been motivated to perform such a modification in order to extend the security 
enhancement and operation speed to systems wherein plurality of different preferred 
guest programming systems could run simultaneously in the different partitions. 

41. Claims 12-13 and 17-18 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Stein (U.S. Pub. No. 20020087884) in view of Fontana (John Fontana,
Defending against Outlook viruses,
http://www.networkworld.com/archive/2000/999 1 4J07-03-2000.html, 07/03/00),
Baker et al. (U.S. Patent No. 6611498) and Ogawa et al. (U.S. Patent No. 5802065)
and in further view of Bean et al. (U.S. Patent No. 4843541).

42. Stein in view of Fontana, Baker et al. and Ogawa et al. teach a first and a second 
key table and first and second connection tables as discussed above. Stein in view 
of Fontana, Baker et al. and Ogawa et al. do not explicitly teach node entries 
identifying one of the one or more partitions in which processes are running on the 
nodes. Bean et al. teach unique partition identifiers identifying nodes partitions (col. 
50 lines 55-66). It would have been obvious to one of ordinary skill in the art at the 
time of applicant's invention to include partition identifiers as taught by Bean et al. 
within the first and second connection tables. One of ordinary skill in the art would 
have been motivated to perform such a modification in order to extend the security 
enhancement and operation speed to systems wherein plurality of different preferred 
guest programming systems could run simultaneously in the different partitions. 

43. Claims 1 and 10 remain rejected under 35 U.S.C. 103(a) as being anticipated by
Win et al. (U.S. Patent No. 6161139) in view of Carter et al. (U.S. Patent No.
5845331).

44. As per claim 1, Win et al. teach sending a key (cookie) from hardware of the first
node (web server) to hardware of the second node (client's web browser) which is
stored at the hardware of the second node (col. 6 lines 25-29). The application uses
TCP/IP and as a result the first node and the second node verifies first node and 
second node identification. 

45. As per claim 10, Win et al. teach the second node sending the key and the message 
to the first node, which verifies the key and processes the message (URL, col. 6 
lines 29-33 and 37-44). 

46. Win et al. do not explicitly teach that unauthorized processes running on the first 
node are unable to send unauthorized messages. Carter et al. teach preventing
unauthorized processes from conducting unauthorized activities (col. 1 lines 24-35), which
reads on preventing unauthorized processes from sending unauthorized
messages. It would have been obvious to one of ordinary skill in the art at the time of
applicant's invention to prevent unauthorized processes running on the first node to 
send unauthorized messages. One of ordinary skill in the art would have been 
motivated to perform such a modification in order to secure sending messages to 
only authorized processes. 

47. Claims 1 and 10 remain rejected under 35 U.S.C. 103(a) as being anticipated by
Win et al. (U.S. Patent No. 6161139) in view of Fontana (John Fontana, Defending against
Outlook viruses, http://www.networkworld.com/archive/2000/999 1 4JD7-03-
2000.html, 07/03/00).

48. As per claim 1, Win et al. teach sending a key (cookie) from hardware of the first
node (web server) to hardware of the second node (client's web browser) which is 
stored at the hardware of the second node (col. 6 lines 25-29). The application uses 
TCP/IP and as a result the first node and the second node verifies first node and 
second node identification. 

49. As per claim 10, Win et al. teach the second node sending the key and the message 
to the first node, which verifies the key and processes the message (URL, col. 6 
lines 29-33 and 37-44). 

50. Win et al. do not explicitly teach that unauthorized processes running on the first 
node are unable to send unauthorized messages. Fontana teaches Microsoft 
Outlook E-mail security patch that prevents unauthorized processes from sending 
unauthorized messages (Fontana, pg. 2). It would have been obvious to one of 
ordinary skill in the art at the time of applicant's invention to prevent unauthorized 
processes running on the first node to send unauthorized messages as taught by 
Fontana. One of ordinary skill in the art would have been motivated to perform such 
a modification in order to prevent worms from spreading to other nodes. 



Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Peter Poltorak whose telephone number is (571)272-3840.
The examiner can normally be reached Monday through Thursday from 9:00
a.m. to 4:00 p.m. and alternate Fridays from 9:00 a.m. to 3:30 p.m.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory Morse can be reached on (571)272-3838. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 




